Man-in-the-Prompt: A New Attack Targeting ChatGPT and Other AI Systems

295/68 Monday, August 18, 2025

Cybersecurity experts have issued warnings about a new cyber threat called “Man-in-the-Prompt”, which can compromise popular artificial intelligence (AI) platforms such as ChatGPT, Gemini, Copilot, and Claude. This attack does not require complex techniques but instead leverages browser extensions that can access the Document Object Model (DOM) of web pages. These extensions can modify or inject prompts into the AI’s chat input box without the user noticing.

According to research by LayerX, any browser extension—even those without special permissions—can potentially access and alter prompts used in Large Language Models (LLMs), both commercial and internal. This allows attackers to steal information or insert commands to extract confidential data.

The attack begins when a user opens an AI tool in the browser. A malicious extension then intercepts the prompt intended for the AI, modifying it in the background. This might involve injecting hidden commands to perform a prompt injection attack or extract information from the AI’s response.

Although users may see a seemingly normal reply, sensitive data may have already been stolen or the session compromised. This poses significant risks, especially in business settings, where confidential information—such as financial data or internal reports—could be exposed. Additionally, such attacks may bypass security systems like firewalls or Data Loss Prevention (DLP) solutions, since the issue occurs before the data is transmitted to the AI server.

To prevent this threat, individual users are advised to regularly check their installed browser extensions, uninstall unnecessary ones, avoid extensions from untrusted sources, and restrict permissions as much as possible.

For organizations, it’s recommended to block or monitor browser extensions on company devices, separate AI tools from sensitive data, and implement new security measures such as prompt signing to verify the integrity of prompts before they are submitted.

The LayerX report emphasizes that securing AI systems requires more than just protecting models and servers—it also involves safeguarding the user interface and browser environment, as even a simple HTML text box can become a critical point of vulnerability in the entire system.

Source: https://securityaffairs.com/181211/cyber-crime/man-in-the-prompt-the-invisible-attack-threatening-chatgpt-and-other-ai-systems.html